This is more of a personal dilemma, since I keep finding myself switching back and forth between NixOS and Gentoo every now and then. I’ve done this twice for each so far ever since I immediately started off my Linux journey with Gentoo, making a quick stop at Arch once when I didn’t have enough time to set either of them up properly. Both of them provide a massive amount of control over my system and let me build my system in weird and interesting ways, e.g. musl, clang, and/or SELinux for Gentoo and impermanence for NixOS (it still kind of blows my mind right now). Personally, I find Gentoo more intuitive, but NixOS is more powerful for managing complex systems, but then again, I don’t have any complex systems to manage, only a singular desktop system. I’d love to keep switching back and forth, but I feel like it has become sort of a time sink for me, somewhat hindering my studies, and thus I feel the need to decide which one to settle on, and which one to keep in a VM to mess around with. That brings me to the title of the post: which do you think is better for a simple desktop system? Also, I don’t know how viable dual booting is, given that I manage my dotfiles almost entirely with home-manager, and I like to have secure boot.

  • Veraticus@lib.lgbt · 6 upvotes · 1 year ago

    Well, you’re posting in the Nix community so…

    Gentoo is basically a regular Linux distro when you get right down to it. It’s cool you compile everything locally, but that’s not exactly revolutionary. And if you want to reproduce your system state, you’re in the same place as any other distro: using complicated scripts to try to achieve what NixOS gives you out of the box.

    I personally don’t really see the comparison. But if you love Gentoo, you can always just do Gentoo plus Nix and/or Home Manager if you want.

    • ruination@discuss.tchncs.de (OP) · 1 upvote · 1 year ago

      I have heard good things about Nix on Gentoo. I like both distros equally, I just have a difficult time deciding which to use as the main system and which to put on a VM so that I can finally stop distrohopping.

      • Veraticus@lib.lgbt · 1 upvote · 1 year ago

        I think NixOS is unlike any other distro out there. Other distros are some combination of prepackaged software and a package manager. That’s cool and all. But NixOS allows you to describe the state of systems and create them in the same way over and over again. That’s significantly more powerful and quite a differentiator.

        • ruination@discuss.tchncs.de (OP) · 1 upvote · 1 year ago

          This is precisely why, if this were something more complex like a server or a setup with multiple devices, NixOS would blow Gentoo out of the water. But how significant is that advantage for a simple desktop? That’s not a rhetorical question, I genuinely do not know. There are two other factors for me that play into this decision that I forgot to mention: documentation, and unique features. Gentoo has better documentation, and even if that were not the case, I could just use the Arch Wiki; I can’t do the same with NixOS. As for unique features, these are currently what brings the two to a stalemate for me: NixOS has rollbacks and impermanence, and Gentoo has SELinux (and musl, which I want to try out). I suppose I can replicate rollbacks on Gentoo with something like Git and ZFS snapshots, not perfectly but to an extent satisfactory for my rather simple use case, and musl is more of a personal curiosity than anything significant for me. So it boils down to which of SELinux and impermanence I would rather have on my main system?

  • chkno · 5 upvotes · 1 year ago

    I ran Gentoo for ~15 years and then switched to NixOS ~3 years ago. The last straw was Gentoo bug 676264, where I submitted version bump & build fix patches to fix security issues and was ignored for three months.

    In Gentoo, glsa-check only tells you about security vulnerabilities after there’s a portage update that would resolve them. I.e., for those three months, all Gentoo users had a ghostscript with widely-known vulnerabilities and glsa-check was silent about it. I’m not cherry-picking this example—this was one of my first attempts to help be proactive about security updates & found that the process is not fit for purpose. And most fixed vulnerabilities don’t even get GLSA advisories—the advisories have to be created manually. A while back, I had made a ‘gentle update’ script that just updated packages glsa-check complained about. It turns out that’s not very useful.

    Contrast this with vulnix, a tool in Nix/NixOS which directly fetches the vulnerability database from nvd.nist.gov (with appropriate polite local caching) and directly checks locally installed software against it. You don’t need the Nix project to do anything for this to Just Work; it’s always comprehensive. I made a NixOS upgrade script that uses vulnix to show me a diff of security issues as it does a channel update. Example output:

    commit ...
    Author: <me>
    Date:   Sat Jun 17 2023
    
        New pins for security fixes
    
        -9.8    CVE-2023-34152  imagemagick
        -7.8    CVE-2023-34153  imagemagick
        -7.5    CVE-2023-32067  c-ares
        -7.5    CVE-2023-28319  curl
        -7.5    CVE-2023-2650   openssl
        -7.5    CVE-2023-2617   opencv
        -7.5    CVE-2023-0464   openssl
        -6.5    CVE-2023-31147  c-ares
        -6.5    CVE-2023-31124  c-ares
        -6.5    CVE-2023-1972   binutils
        -6.4    CVE-2023-31130  c-ares
        -5.9    CVE-2023-32570  dav1d
        -5.9    CVE-2023-28321  curl
        -5.9    CVE-2023-28320  curl
        -5.9    CVE-2023-1255   openssl
        -5.5    CVE-2023-34151  imagemagick
        -5.5    CVE-2023-32324  cups
        -5.3    CVE-2023-0466   openssl
        -5.3    CVE-2023-0465   openssl
        -3.7    CVE-2023-28322  curl
    
    diff --git a/channels b/channels
    --- a/channels
    +++ b/channels
    @@ -8,23 +8,23 @@ [nixos]
     git_repo = https://github.com/NixOS/nixpkgs.git
     git_ref = release-23.05
    -git_revision = 3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d
    -release_name = nixos-23.05.419.3a70dd92993
    -tarball_url = https://releases.nixos.org/nixos/23.05/nixos-23.05.419.3a70dd92993/nixexprs.tar.xz
    -tarball_sha256 = 1e3a214cb6b0a221b3fc0f0315bc5fcc981e69fec9cd5d8a9db847c2fae27907
    +git_revision = c7ff1b9b95620ce8728c0d7bd501c458e6da9e04
    +release_name = nixos-23.05.1092.c7ff1b9b956
    +tarball_url = https://releases.nixos.org/nixos/23.05/nixos-23.05.1092.c7ff1b9b956/nixexprs.tar.xz
    +tarball_sha256 = 8b32a316eb08c567aa93b6b0e1622b1cc29504bc068e5b1c3af8a9b81dafcd12
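    Review bot: the hunk header `@@ -8,23 +8,23 @@` promises 23 lines per side but only six are visible, so part of the [nixos] section was cut when the post was rendered and the rest of the pin cannot be checked here; in the visible part the four replaced lines agree with one another (git_revision, release_name and tarball_url all carry the short hash c7ff1b9b956, and tarball_sha256 changes with them), which is the consistency check a channel pin bump needs.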
    
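    The "diff of security issues" that the upgrade script above produces can be reconstructed from two vulnix runs, one before and one after the channel update. The following is an added example, not chkno's script and not part of vulnix itself: it flattens two vulnix-style JSON reports into (CVE, package) pairs, lists findings that disappeared (fixed, prefixed "-") and findings that appeared (introduced, prefixed "+"), highest CVSS score first, in the same column layout as the commit message above. The field names `pname`, `affected_by` and `cvssv3_basescore` are modelled on vulnix's JSON output and are an assumption to check against the vulnix version in use; the sample reports, including the package `examplepkg` and the placeholder id `CVE-0000-00001`, are constructed for the example.

```python
"""Diff two vulnix reports (before/after a channel update).

Added example, not vulnix's own code. Input shape is an assumption modelled
on `vulnix --json`: a list of objects with "pname", "affected_by" (list of
CVE ids) and "cvssv3_basescore" (CVE id -> CVSS v3 base score).
"""
import json
import sys
from typing import Dict, Iterable, List, Tuple

Finding = Tuple[str, str]  # (CVE id, package name)


def load_findings(report: Iterable[dict]) -> Dict[Finding, float]:
    """Flatten a vulnix-style report into {(cve, pname): score}."""
    findings: Dict[Finding, float] = {}
    for entry in report:
        scores = entry.get("cvssv3_basescore", {})
        for cve in entry.get("affected_by", []):
            # A CVE that NVD has not scored yet gets 0.0 so it sorts last
            # but is still listed rather than silently dropped.
            findings[(cve, entry["pname"])] = float(scores.get(cve, 0.0))
    return findings


def security_diff(before: Iterable[dict], after: Iterable[dict]) -> List[str]:
    """Return lines like '-9.8    CVE-2023-34152  imagemagick'.

    '-' marks a finding present before the update and gone afterwards
    (fixed); '+' marks one that only exists after the update (introduced).
    Findings open in both reports are unchanged and are not reported.
    """
    old = load_findings(before)
    new = load_findings(after)
    fixed = [(s, cve, p) for (cve, p), s in old.items() if (cve, p) not in new]
    introduced = [(s, cve, p) for (cve, p), s in new.items() if (cve, p) not in old]
    lines: List[str] = []
    for sign, items in (("-", fixed), ("+", introduced)):
        # Highest score first, then by CVE id for a stable order.
        for score, cve, pname in sorted(items, key=lambda t: (-t[0], t[1])):
            lines.append(f"{sign}{score:<7.1f}{cve:<16}{pname}")
    return lines


# Constructed sample reports (not real vulnix output). CVE ids for
# imagemagick, curl and openssl are the ones listed in the commit above;
# "examplepkg" / "CVE-0000-00001" is a placeholder for a newly introduced,
# not-yet-scored finding.
BEFORE = [
    {"pname": "imagemagick",
     "affected_by": ["CVE-2023-34152", "CVE-2023-34151"],
     "cvssv3_basescore": {"CVE-2023-34152": 9.8, "CVE-2023-34151": 5.5}},
    {"pname": "curl",
     "affected_by": ["CVE-2023-28319", "CVE-2023-28322"],
     "cvssv3_basescore": {"CVE-2023-28319": 7.5, "CVE-2023-28322": 3.7}},
    {"pname": "openssl",
     "affected_by": ["CVE-2023-2650"],
     "cvssv3_basescore": {"CVE-2023-2650": 7.5}},
]
AFTER = [
    # still open after the update, so it must not appear in the diff
    {"pname": "openssl",
     "affected_by": ["CVE-2023-2650"],
     "cvssv3_basescore": {"CVE-2023-2650": 7.5}},
    {"pname": "examplepkg",
     "affected_by": ["CVE-0000-00001"],
     "cvssv3_basescore": {}},
]


def load_report(path: str) -> list:
    """Read a vulnix JSON report from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Usage: python vulnix_diff.py before.json after.json
    # With no arguments the constructed sample reports are diffed.
    if len(sys.argv) == 3:
        report_before, report_after = load_report(sys.argv[1]), load_report(sys.argv[2])
    else:
        report_before, report_after = BEFORE, AFTER
    print("\n".join(security_diff(report_before, report_after)))
```

    Run it with the two JSON files from `vulnix --json` captured before and after `nix-channel --update` (or whatever pin-bump step the upgrade script performs), and paste the output into the commit message the way the example commit above does; a non-empty "+" section is the signal to look at before the new pin is committed.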
  • cfx_4188@discuss.tchncs.de · 1 upvote · 1 year ago

    It doesn’t make any difference. Gentoo and NixOS have the same concept. They are holistic systems not designed for multiple permanent changes. I’ve used Gentoo, it’s as much fun as building everything from FreeBSD ports. But some users install the OS to get work done, not to constantly tinker with the system, so now I choose NixOS.